+3 -3

cmd/appview/serve.go

reviewed

··· 159 159 slog.Info("Hold authorizer initialized with database caching") 160 160 161 161 // Initialize Jetstream workers (background services before HTTP routes) 162 162 - initializeJetstream(uiDatabase, &cfg.Jetstream, defaultHoldDID, testMode) 162 162 + initializeJetstream(uiDatabase, &cfg.Jetstream, defaultHoldDID, testMode, refresher) 163 163 164 164 // Create main chi router 165 165 mainRouter := chi.NewRouter() ··· 514 514 } 515 515 516 516 // initializeJetstream initializes the Jetstream workers for real-time events and backfill 517 517 - func initializeJetstream(database *sql.DB, jetstreamCfg *appview.JetstreamConfig, defaultHoldDID string, testMode bool) { 517 517 + func initializeJetstream(database *sql.DB, jetstreamCfg *appview.JetstreamConfig, defaultHoldDID string, testMode bool, refresher *oauth.Refresher) { 518 518 // Start Jetstream worker 519 519 jetstreamURL := jetstreamCfg.URL 520 520 ··· 538 538 // Get relay endpoint for sync API (defaults to Bluesky's relay) 539 539 relayEndpoint := jetstreamCfg.RelayEndpoint 540 540 541 541 - backfillWorker, err := jetstream.NewBackfillWorker(database, relayEndpoint, defaultHoldDID, testMode) 541 541 + backfillWorker, err := jetstream.NewBackfillWorker(database, relayEndpoint, defaultHoldDID, testMode, refresher) 542 542 if err != nil { 543 543 slog.Warn("Failed to create backfill worker", "component", "jetstream/backfill", "error", err) 544 544 } else {

+39 -6

pkg/appview/db/queries.go

reviewed

··· 7 7 "time" 8 8 ) 9 9 10 10 + // BlobCDNURL returns the CDN URL for an ATProto blob 11 11 + // This is a local copy to avoid importing atproto (prevents circular dependencies) 12 12 + func BlobCDNURL(did, cid string) string { 13 13 + return fmt.Sprintf("https://imgs.blue/%s/%s", did, cid) 14 14 + } 15 15 + 10 16 // escapeLikePattern escapes SQL LIKE wildcards (%, _) and backslash for safe searching. 11 17 // It also sanitizes the input to prevent injection attacks via special characters. 12 18 func escapeLikePattern(s string) string { ··· 46 52 COALESCE((SELECT COUNT(*) FROM stars WHERE owner_did = u.did AND repository = t.repository), 0), 47 53 COALESCE((SELECT COUNT(*) FROM stars WHERE starrer_did = ? AND owner_did = u.did AND repository = t.repository), 0), 48 54 t.created_at, 49 49 - m.hold_endpoint 55 55 + m.hold_endpoint, 56 56 + COALESCE(rp.avatar_cid, '') 50 57 FROM tags t 51 58 JOIN users u ON t.did = u.did 52 59 JOIN manifests m ON t.did = m.did AND t.repository = m.repository AND t.digest = m.digest 53 60 LEFT JOIN repository_stats rs ON t.did = rs.did AND t.repository = rs.repository 61 61 + LEFT JOIN repo_pages rp ON t.did = rp.did AND t.repository = rp.repository 54 62 ` 55 63 56 64 args := []any{currentUserDID} ··· 73 81 for rows.Next() { 74 82 var p Push 75 83 var isStarredInt int 76 76 - if err := rows.Scan(&p.DID, &p.Handle, &p.Repository, &p.Tag, &p.Digest, &p.Title, &p.Description, &p.IconURL, &p.PullCount, &p.StarCount, &isStarredInt, &p.CreatedAt, &p.HoldEndpoint); err != nil { 84 84 + var avatarCID string 85 85 + if err := rows.Scan(&p.DID, &p.Handle, &p.Repository, &p.Tag, &p.Digest, &p.Title, &p.Description, &p.IconURL, &p.PullCount, &p.StarCount, &isStarredInt, &p.CreatedAt, &p.HoldEndpoint, &avatarCID); err != nil { 77 86 return nil, 0, err 78 87 } 79 88 p.IsStarred = isStarredInt > 0 89 89 + // Prefer repo page avatar over annotation icon 90 90 + if avatarCID != "" { 91 91 + p.IconURL = BlobCDNURL(p.DID, avatarCID) 92 92 + } 80 93 pushes = append(pushes, p) 81 94 } 82 95 ··· 119 132 COALESCE((SELECT COUNT(*) FROM stars WHERE owner_did = u.did AND repository = t.repository), 0), 120 133 COALESCE((SELECT COUNT(*) FROM stars WHERE starrer_did = ? AND owner_did = u.did AND repository = t.repository), 0), 121 134 t.created_at, 122 122 - m.hold_endpoint 135 135 + m.hold_endpoint, 136 136 + COALESCE(rp.avatar_cid, '') 123 137 FROM tags t 124 138 JOIN users u ON t.did = u.did 125 139 JOIN manifests m ON t.did = m.did AND t.repository = m.repository AND t.digest = m.digest 126 140 LEFT JOIN repository_stats rs ON t.did = rs.did AND t.repository = rs.repository 141 141 + LEFT JOIN repo_pages rp ON t.did = rp.did AND t.repository = rp.repository 127 142 WHERE u.handle LIKE ? ESCAPE '\' 128 143 OR u.did = ? 129 144 OR t.repository LIKE ? ESCAPE '\' ··· 146 161 for rows.Next() { 147 162 var p Push 148 163 var isStarredInt int 149 149 - if err := rows.Scan(&p.DID, &p.Handle, &p.Repository, &p.Tag, &p.Digest, &p.Title, &p.Description, &p.IconURL, &p.PullCount, &p.StarCount, &isStarredInt, &p.CreatedAt, &p.HoldEndpoint); err != nil { 164 164 + var avatarCID string 165 165 + if err := rows.Scan(&p.DID, &p.Handle, &p.Repository, &p.Tag, &p.Digest, &p.Title, &p.Description, &p.IconURL, &p.PullCount, &p.StarCount, &isStarredInt, &p.CreatedAt, &p.HoldEndpoint, &avatarCID); err != nil { 150 166 return nil, 0, err 151 167 } 152 168 p.IsStarred = isStarredInt > 0 169 169 + // Prefer repo page avatar over annotation icon 170 170 + if avatarCID != "" { 171 171 + p.IconURL = BlobCDNURL(p.DID, avatarCID) 172 172 + } 153 173 pushes = append(pushes, p) 154 174 } 155 175 ··· 292 312 r.Licenses = annotations["org.opencontainers.image.licenses"] 293 313 r.IconURL = annotations["io.atcr.icon"] 294 314 r.ReadmeURL = annotations["io.atcr.readme"] 315 315 + 316 316 + // Check for repo page avatar (overrides annotation icon) 317 317 + repoPage, err := GetRepoPage(db, did, r.Name) 318 318 + if err == nil && repoPage != nil && repoPage.AvatarCID != "" { 319 319 + r.IconURL = BlobCDNURL(did, repoPage.AvatarCID) 320 320 + } 295 321 296 322 repos = append(repos, r) 297 323 } ··· 1660 1686 COALESCE((SELECT value FROM repository_annotations WHERE did = m.did AND repository = m.repository AND key = 'io.atcr.icon'), ''), 1661 1687 rs.pull_count, 1662 1688 rs.star_count, 1663 1663 - COALESCE((SELECT COUNT(*) FROM stars WHERE starrer_did = ? AND owner_did = m.did AND repository = m.repository), 0) 1689 1689 + COALESCE((SELECT COUNT(*) FROM stars WHERE starrer_did = ? AND owner_did = m.did AND repository = m.repository), 0), 1690 1690 + COALESCE(rp.avatar_cid, '') 1664 1691 FROM latest_manifests lm 1665 1692 JOIN manifests m ON lm.latest_id = m.id 1666 1693 JOIN users u ON m.did = u.did 1667 1694 JOIN repo_stats rs ON m.did = rs.did AND m.repository = rs.repository 1695 1695 + LEFT JOIN repo_pages rp ON m.did = rp.did AND m.repository = rp.repository 1668 1696 ORDER BY rs.score DESC, rs.star_count DESC, rs.pull_count DESC, m.created_at DESC 1669 1697 LIMIT ? 1670 1698 ` ··· 1679 1707 for rows.Next() { 1680 1708 var f FeaturedRepository 1681 1709 var isStarredInt int 1710 1710 + var avatarCID string 1682 1711 1683 1712 if err := rows.Scan(&f.OwnerDID, &f.OwnerHandle, &f.Repository, 1684 1684 - &f.Title, &f.Description, &f.IconURL, &f.PullCount, &f.StarCount, &isStarredInt); err != nil { 1713 1713 + &f.Title, &f.Description, &f.IconURL, &f.PullCount, &f.StarCount, &isStarredInt, &avatarCID); err != nil { 1685 1714 return nil, err 1686 1715 } 1687 1716 f.IsStarred = isStarredInt > 0 1717 1717 + // Prefer repo page avatar over annotation icon 1718 1718 + if avatarCID != "" { 1719 1719 + f.IconURL = BlobCDNURL(f.OwnerDID, avatarCID) 1720 1720 + } 1688 1721 1689 1722 featured = append(featured, f) 1690 1723 }

+114

pkg/appview/handlers/images.go

reviewed

··· 3 3 import ( 4 4 "database/sql" 5 5 "encoding/json" 6 6 + "errors" 6 7 "fmt" 8 8 + "io" 7 9 "net/http" 8 10 "strings" 11 11 + "time" 9 12 10 13 "atcr.io/pkg/appview/db" 11 14 "atcr.io/pkg/appview/middleware" ··· 155 158 156 159 w.WriteHeader(http.StatusOK) 157 160 } 161 161 + 162 162 + // UploadAvatarHandler handles uploading/updating a repository avatar 163 163 + type UploadAvatarHandler struct { 164 164 + DB *sql.DB 165 165 + Refresher *oauth.Refresher 166 166 + } 167 167 + 168 168 + // validImageTypes are the allowed MIME types for avatars (matches lexicon) 169 169 + var validImageTypes = map[string]bool{ 170 170 + "image/png": true, 171 171 + "image/jpeg": true, 172 172 + "image/webp": true, 173 173 + } 174 174 + 175 175 + func (h *UploadAvatarHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { 176 176 + user := middleware.GetUser(r) 177 177 + if user == nil { 178 178 + http.Error(w, "Unauthorized", http.StatusUnauthorized) 179 179 + return 180 180 + } 181 181 + 182 182 + repo := chi.URLParam(r, "repository") 183 183 + 184 184 + // Parse multipart form (max 3MB to match lexicon maxSize) 185 185 + if err := r.ParseMultipartForm(3 << 20); err != nil { 186 186 + http.Error(w, "File too large (max 3MB)", http.StatusBadRequest) 187 187 + return 188 188 + } 189 189 + 190 190 + file, header, err := r.FormFile("avatar") 191 191 + if err != nil { 192 192 + http.Error(w, "No file provided", http.StatusBadRequest) 193 193 + return 194 194 + } 195 195 + defer file.Close() 196 196 + 197 197 + // Validate MIME type 198 198 + contentType := header.Header.Get("Content-Type") 199 199 + if !validImageTypes[contentType] { 200 200 + http.Error(w, "Invalid file type. Must be PNG, JPEG, or WebP", http.StatusBadRequest) 201 201 + return 202 202 + } 203 203 + 204 204 + // Read file data 205 205 + data, err := io.ReadAll(io.LimitReader(file, 3<<20+1)) // Read up to 3MB + 1 byte 206 206 + if err != nil { 207 207 + http.Error(w, "Failed to read file", http.StatusInternalServerError) 208 208 + return 209 209 + } 210 210 + if len(data) > 3<<20 { 211 211 + http.Error(w, "File too large (max 3MB)", http.StatusBadRequest) 212 212 + return 213 213 + } 214 214 + 215 215 + // Create ATProto client with session provider (uses DoWithSession for DPoP nonce safety) 216 216 + pdsClient := atproto.NewClientWithSessionProvider(user.PDSEndpoint, user.DID, h.Refresher) 217 217 + 218 218 + // Upload blob to PDS 219 219 + blobRef, err := pdsClient.UploadBlob(r.Context(), data, contentType) 220 220 + if err != nil { 221 221 + if handleOAuthError(r.Context(), h.Refresher, user.DID, err) { 222 222 + http.Error(w, "Authentication failed, please log in again", http.StatusUnauthorized) 223 223 + return 224 224 + } 225 225 + http.Error(w, fmt.Sprintf("Failed to upload image: %v", err), http.StatusInternalServerError) 226 226 + return 227 227 + } 228 228 + 229 229 + // Fetch existing repo page record to preserve description 230 230 + var existingDescription string 231 231 + var existingCreatedAt time.Time 232 232 + record, err := pdsClient.GetRecord(r.Context(), atproto.RepoPageCollection, repo) 233 233 + if err == nil { 234 234 + // Parse existing record to preserve description 235 235 + var existingRecord atproto.RepoPageRecord 236 236 + if jsonErr := json.Unmarshal(record.Value, &existingRecord); jsonErr == nil { 237 237 + existingDescription = existingRecord.Description 238 238 + existingCreatedAt = existingRecord.CreatedAt 239 239 + } 240 240 + } else if !errors.Is(err, atproto.ErrRecordNotFound) { 241 241 + // Some other error - check if OAuth error 242 242 + if handleOAuthError(r.Context(), h.Refresher, user.DID, err) { 243 243 + http.Error(w, "Authentication failed, please log in again", http.StatusUnauthorized) 244 244 + return 245 245 + } 246 246 + // Log but continue - we'll create a new record 247 247 + } 248 248 + 249 249 + // Create updated repo page record 250 250 + repoPage := atproto.NewRepoPageRecord(repo, existingDescription, blobRef) 251 251 + // Preserve original createdAt if record existed 252 252 + if !existingCreatedAt.IsZero() { 253 253 + repoPage.CreatedAt = existingCreatedAt 254 254 + } 255 255 + 256 256 + // Save record to PDS 257 257 + _, err = pdsClient.PutRecord(r.Context(), atproto.RepoPageCollection, repo, repoPage) 258 258 + if err != nil { 259 259 + if handleOAuthError(r.Context(), h.Refresher, user.DID, err) { 260 260 + http.Error(w, "Authentication failed, please log in again", http.StatusUnauthorized) 261 261 + return 262 262 + } 263 263 + http.Error(w, fmt.Sprintf("Failed to update repository page: %v", err), http.StatusInternalServerError) 264 264 + return 265 265 + } 266 266 + 267 267 + // Return new avatar URL 268 268 + avatarURL := atproto.BlobCDNURL(user.DID, blobRef.Ref.Link) 269 269 + w.Header().Set("Content-Type", "application/json") 270 270 + json.NewEncoder(w).Encode(map[string]string{"avatarURL": avatarURL}) 271 271 + }

+10 -7

pkg/appview/handlers/repository.go

reviewed

··· 195 195 196 196 // Try repo page record from database (synced from PDS via Jetstream) 197 197 repoPage, err := db.GetRepoPage(h.DB, owner.DID, repository) 198 198 - if err == nil && repoPage != nil && repoPage.Description != "" { 199 199 - // Use repo page data 200 200 - if h.ReadmeFetcher != nil { 198 198 + if err == nil && repoPage != nil { 199 199 + // Use repo page avatar if present 200 200 + if repoPage.AvatarCID != "" { 201 201 + repo.IconURL = atproto.BlobCDNURL(owner.DID, repoPage.AvatarCID) 202 202 + } 203 203 + // Render description as markdown if present 204 204 + if repoPage.Description != "" && h.ReadmeFetcher != nil { 201 205 html, err := h.ReadmeFetcher.RenderMarkdown([]byte(repoPage.Description)) 202 206 if err != nil { 203 207 slog.Warn("Failed to render repo page description", "error", err) ··· 205 209 readmeHTML = template.HTML(html) 206 210 } 207 211 } 208 208 - if repoPage.AvatarCID != "" { 209 209 - repo.IconURL = atproto.BlobCDNURL(owner.DID, repoPage.AvatarCID) 210 210 - } 211 211 - } else if h.ReadmeFetcher != nil { 212 212 + } 213 213 + // Fall back to fetching README from URL annotations if no description in repo page 214 214 + if readmeHTML == "" && h.ReadmeFetcher != nil { 212 215 // Fall back to fetching from URL annotations 213 216 readmeURL := repo.ReadmeURL 214 217 if readmeURL == "" && repo.SourceURL != "" {

+201 -4

pkg/appview/jetstream/backfill.go

reviewed

··· 5 5 "database/sql" 6 6 "encoding/json" 7 7 "fmt" 8 8 + "io" 8 9 "log/slog" 10 10 + "net/http" 9 11 "strings" 10 12 "time" 11 13 12 14 "atcr.io/pkg/appview/db" 15 15 + "atcr.io/pkg/appview/readme" 13 16 "atcr.io/pkg/atproto" 17 17 + "atcr.io/pkg/auth/oauth" 14 18 ) 15 19 16 20 // BackfillWorker uses com.atproto.sync.listReposByCollection to backfill historical data 17 21 type BackfillWorker struct { 18 22 db *sql.DB 19 23 client *atproto.Client 20 20 - processor *Processor // Shared processor for DB operations 21 21 - defaultHoldDID string // Default hold DID from AppView config (e.g., "did:web:hold01.atcr.io") 22 22 - testMode bool // If true, suppress warnings for external holds 24 24 + processor *Processor // Shared processor for DB operations 25 25 + defaultHoldDID string // Default hold DID from AppView config (e.g., "did:web:hold01.atcr.io") 26 26 + testMode bool // If true, suppress warnings for external holds 27 27 + refresher *oauth.Refresher // OAuth refresher for PDS writes (optional, can be nil) 23 28 } 24 29 25 30 // BackfillState tracks backfill progress ··· 36 41 // NewBackfillWorker creates a backfill worker using sync API 37 42 // defaultHoldDID should be in format "did:web:hold01.atcr.io" 38 43 // To find a hold's DID, visit: https://hold-url/.well-known/did.json 39 39 - func NewBackfillWorker(database *sql.DB, relayEndpoint, defaultHoldDID string, testMode bool) (*BackfillWorker, error) { 44 44 + // refresher is optional - if provided, backfill will try to update PDS records when fetching README content 45 45 + func NewBackfillWorker(database *sql.DB, relayEndpoint, defaultHoldDID string, testMode bool, refresher *oauth.Refresher) (*BackfillWorker, error) { 40 46 // Create client for relay - used only for listReposByCollection 41 47 client := atproto.NewClient(relayEndpoint, "", "") 42 48 ··· 46 52 processor: NewProcessor(database, false), // No cache for batch processing 47 53 defaultHoldDID: defaultHoldDID, 48 54 testMode: testMode, 55 55 + refresher: refresher, 49 56 }, nil 50 57 } 51 58 ··· 215 222 // This fixes out-of-order backfill where older manifests can overwrite newer annotations 216 223 if err := b.reconcileAnnotations(ctx, did, pdsClient); err != nil { 217 224 slog.Warn("Backfill failed to reconcile annotations", "did", did, "error", err) 225 225 + } 226 226 + } 227 227 + 228 228 + // After processing repo pages, fetch descriptions from external sources if empty 229 229 + if collection == atproto.RepoPageCollection { 230 230 + if err := b.reconcileRepoPageDescriptions(ctx, did, pdsEndpoint); err != nil { 231 231 + slog.Warn("Backfill failed to reconcile repo page descriptions", "did", did, "error", err) 218 232 } 219 233 } 220 234 ··· 417 431 418 432 return nil 419 433 } 434 434 + 435 435 + // reconcileRepoPageDescriptions fetches README content from external sources for repo pages with empty descriptions 436 436 + // If the user has an OAuth session, it updates the PDS record (source of truth) 437 437 + // Otherwise, it just stores the fetched content in the database 438 438 + func (b *BackfillWorker) reconcileRepoPageDescriptions(ctx context.Context, did, pdsEndpoint string) error { 439 439 + // Get all repo pages for this DID 440 440 + repoPages, err := db.GetRepoPagesByDID(b.db, did) 441 441 + if err != nil { 442 442 + return fmt.Errorf("failed to get repo pages: %w", err) 443 443 + } 444 444 + 445 445 + for _, page := range repoPages { 446 446 + // Skip pages that already have a description 447 447 + if page.Description != "" { 448 448 + continue 449 449 + } 450 450 + 451 451 + // Get annotations from the repository's manifest 452 452 + annotations, err := db.GetRepositoryAnnotations(b.db, did, page.Repository) 453 453 + if err != nil { 454 454 + slog.Debug("Failed to get annotations for repo page", "did", did, "repository", page.Repository, "error", err) 455 455 + continue 456 456 + } 457 457 + 458 458 + // Try to fetch README content from external sources 459 459 + description := b.fetchReadmeContent(ctx, annotations) 460 460 + if description == "" { 461 461 + // No README content available, skip 462 462 + continue 463 463 + } 464 464 + 465 465 + slog.Info("Fetched README for repo page", "did", did, "repository", page.Repository, "descriptionLength", len(description)) 466 466 + 467 467 + // Try to update PDS if we have OAuth session 468 468 + pdsUpdated := false 469 469 + if b.refresher != nil { 470 470 + if err := b.updateRepoPageInPDS(ctx, did, pdsEndpoint, page.Repository, description, page.AvatarCID); err != nil { 471 471 + slog.Debug("Could not update repo page in PDS, falling back to DB-only", "did", did, "repository", page.Repository, "error", err) 472 472 + } else { 473 473 + pdsUpdated = true 474 474 + slog.Info("Updated repo page in PDS with fetched description", "did", did, "repository", page.Repository) 475 475 + } 476 476 + } 477 477 + 478 478 + // Always update database with the fetched content 479 479 + if err := db.UpsertRepoPage(b.db, did, page.Repository, description, page.AvatarCID, page.CreatedAt, time.Now()); err != nil { 480 480 + slog.Warn("Failed to update repo page in database", "did", did, "repository", page.Repository, "error", err) 481 481 + } else if !pdsUpdated { 482 482 + slog.Info("Updated repo page in database (PDS not updated)", "did", did, "repository", page.Repository) 483 483 + } 484 484 + } 485 485 + 486 486 + return nil 487 487 + } 488 488 + 489 489 + // fetchReadmeContent attempts to fetch README content from external sources based on annotations 490 490 + // Priority: io.atcr.readme annotation > derived from org.opencontainers.image.source 491 491 + func (b *BackfillWorker) fetchReadmeContent(ctx context.Context, annotations map[string]string) string { 492 492 + // Create a context with timeout for README fetching 493 493 + fetchCtx, cancel := context.WithTimeout(ctx, 10*time.Second) 494 494 + defer cancel() 495 495 + 496 496 + // Priority 1: Direct README URL from io.atcr.readme annotation 497 497 + if readmeURL := annotations["io.atcr.readme"]; readmeURL != "" { 498 498 + content, err := b.fetchRawReadme(fetchCtx, readmeURL) 499 499 + if err != nil { 500 500 + slog.Debug("Failed to fetch README from io.atcr.readme annotation", "url", readmeURL, "error", err) 501 501 + } else if content != "" { 502 502 + return content 503 503 + } 504 504 + } 505 505 + 506 506 + // Priority 2: Derive README URL from org.opencontainers.image.source 507 507 + if sourceURL := annotations["org.opencontainers.image.source"]; sourceURL != "" { 508 508 + // Try main branch first, then master 509 509 + for _, branch := range []string{"main", "master"} { 510 510 + readmeURL := readme.DeriveReadmeURL(sourceURL, branch) 511 511 + if readmeURL == "" { 512 512 + continue 513 513 + } 514 514 + 515 515 + content, err := b.fetchRawReadme(fetchCtx, readmeURL) 516 516 + if err != nil { 517 517 + // Only log non-404 errors (404 is expected when trying main vs master) 518 518 + if !readme.Is404(err) { 519 519 + slog.Debug("Failed to fetch README from source URL", "url", readmeURL, "branch", branch, "error", err) 520 520 + } 521 521 + continue 522 522 + } 523 523 + 524 524 + if content != "" { 525 525 + return content 526 526 + } 527 527 + } 528 528 + } 529 529 + 530 530 + return "" 531 531 + } 532 532 + 533 533 + // fetchRawReadme fetches raw markdown content from a URL 534 534 + func (b *BackfillWorker) fetchRawReadme(ctx context.Context, readmeURL string) (string, error) { 535 535 + req, err := http.NewRequestWithContext(ctx, "GET", readmeURL, nil) 536 536 + if err != nil { 537 537 + return "", fmt.Errorf("failed to create request: %w", err) 538 538 + } 539 539 + 540 540 + req.Header.Set("User-Agent", "ATCR-Backfill-README-Fetcher/1.0") 541 541 + 542 542 + client := &http.Client{ 543 543 + Timeout: 10 * time.Second, 544 544 + CheckRedirect: func(req *http.Request, via []*http.Request) error { 545 545 + if len(via) >= 5 { 546 546 + return fmt.Errorf("too many redirects") 547 547 + } 548 548 + return nil 549 549 + }, 550 550 + } 551 551 + 552 552 + resp, err := client.Do(req) 553 553 + if err != nil { 554 554 + return "", fmt.Errorf("failed to fetch URL: %w", err) 555 555 + } 556 556 + defer resp.Body.Close() 557 557 + 558 558 + if resp.StatusCode != http.StatusOK { 559 559 + return "", fmt.Errorf("status %d", resp.StatusCode) 560 560 + } 561 561 + 562 562 + // Limit content size to 100KB 563 563 + limitedReader := io.LimitReader(resp.Body, 100*1024) 564 564 + content, err := io.ReadAll(limitedReader) 565 565 + if err != nil { 566 566 + return "", fmt.Errorf("failed to read response body: %w", err) 567 567 + } 568 568 + 569 569 + return string(content), nil 570 570 + } 571 571 + 572 572 + // updateRepoPageInPDS updates the repo page record in the user's PDS using OAuth 573 573 + func (b *BackfillWorker) updateRepoPageInPDS(ctx context.Context, did, pdsEndpoint, repository, description, avatarCID string) error { 574 574 + if b.refresher == nil { 575 575 + return fmt.Errorf("no OAuth refresher available") 576 576 + } 577 577 + 578 578 + // Create ATProto client with session provider 579 579 + pdsClient := atproto.NewClientWithSessionProvider(pdsEndpoint, did, b.refresher) 580 580 + 581 581 + // Get existing repo page record to preserve other fields 582 582 + existingRecord, err := pdsClient.GetRecord(ctx, atproto.RepoPageCollection, repository) 583 583 + var createdAt time.Time 584 584 + var avatarRef *atproto.ATProtoBlobRef 585 585 + 586 586 + if err == nil && existingRecord != nil { 587 587 + // Parse existing record 588 588 + var existingPage atproto.RepoPageRecord 589 589 + if err := json.Unmarshal(existingRecord.Value, &existingPage); err == nil { 590 590 + createdAt = existingPage.CreatedAt 591 591 + avatarRef = existingPage.Avatar 592 592 + } 593 593 + } 594 594 + 595 595 + if createdAt.IsZero() { 596 596 + createdAt = time.Now() 597 597 + } 598 598 + 599 599 + // Create updated repo page record 600 600 + repoPage := &atproto.RepoPageRecord{ 601 601 + Type: atproto.RepoPageCollection, 602 602 + Repository: repository, 603 603 + Description: description, 604 604 + Avatar: avatarRef, 605 605 + CreatedAt: createdAt, 606 606 + UpdatedAt: time.Now(), 607 607 + } 608 608 + 609 609 + // Write to PDS - this will use DoWithSession internally 610 610 + _, err = pdsClient.PutRecord(ctx, atproto.RepoPageCollection, repository, repoPage) 611 611 + if err != nil { 612 612 + return fmt.Errorf("failed to write to PDS: %w", err) 613 613 + } 614 614 + 615 615 + return nil 616 616 + }

+1 -3

pkg/appview/jetstream/worker.go

reviewed

··· 61 61 jetstreamURL: jetstreamURL, 62 62 startCursor: startCursor, 63 63 wantedCollections: []string{ 64 64 - atproto.ManifestCollection, // io.atcr.manifest 65 65 - atproto.TagCollection, // io.atcr.tag 66 66 - atproto.StarCollection, // io.atcr.sailor.star 64 64 + "io.atcr.*", // Subscribe to all ATCR collections 67 65 }, 68 66 processor: NewProcessor(database, true), // Use cache for live streaming 69 67 }

+5

pkg/appview/routes/routes.go

reviewed

··· 188 188 Refresher: deps.Refresher, 189 189 }).ServeHTTP) 190 190 191 191 + r.Post("/api/images/{repository}/avatar", (&uihandlers.UploadAvatarHandler{ 192 192 + DB: deps.Database, 193 193 + Refresher: deps.Refresher, 194 194 + }).ServeHTTP) 195 195 + 191 196 // Device approval page (authenticated) 192 197 r.Get("/device", (&uihandlers.DeviceApprovalPageHandler{ 193 198 Store: deps.DeviceStore,

+29

pkg/appview/static/css/style.css

reviewed

··· 1236 1236 flex-shrink: 0; 1237 1237 } 1238 1238 1239 1239 + .repo-hero-icon-wrapper { 1240 1240 + position: relative; 1241 1241 + display: inline-block; 1242 1242 + flex-shrink: 0; 1243 1243 + } 1244 1244 + 1245 1245 + .avatar-upload-overlay { 1246 1246 + position: absolute; 1247 1247 + inset: 0; 1248 1248 + display: flex; 1249 1249 + align-items: center; 1250 1250 + justify-content: center; 1251 1251 + background: rgba(0, 0, 0, 0.5); 1252 1252 + border-radius: 12px; 1253 1253 + opacity: 0; 1254 1254 + cursor: pointer; 1255 1255 + transition: opacity 0.2s ease; 1256 1256 + } 1257 1257 + 1258 1258 + .avatar-upload-overlay i { 1259 1259 + color: white; 1260 1260 + width: 24px; 1261 1261 + height: 24px; 1262 1262 + } 1263 1263 + 1264 1264 + .repo-hero-icon-wrapper:hover .avatar-upload-overlay { 1265 1265 + opacity: 1; 1266 1266 + } 1267 1267 + 1239 1268 .repo-hero-info { 1240 1269 flex: 1; 1241 1270 }

+63

pkg/appview/static/js/app.js

reviewed

··· 434 434 } 435 435 } 436 436 437 437 + // Upload repository avatar 438 438 + async function uploadAvatar(input, repository) { 439 439 + const file = input.files[0]; 440 440 + if (!file) return; 441 441 + 442 442 + // Client-side validation 443 443 + const validTypes = ['image/png', 'image/jpeg', 'image/webp']; 444 444 + if (!validTypes.includes(file.type)) { 445 445 + alert('Please select a PNG, JPEG, or WebP image'); 446 446 + return; 447 447 + } 448 448 + if (file.size > 3 * 1024 * 1024) { 449 449 + alert('Image must be less than 3MB'); 450 450 + return; 451 451 + } 452 452 + 453 453 + const formData = new FormData(); 454 454 + formData.append('avatar', file); 455 455 + 456 456 + try { 457 457 + const response = await fetch(`/api/images/${repository}/avatar`, { 458 458 + method: 'POST', 459 459 + credentials: 'include', 460 460 + body: formData 461 461 + }); 462 462 + 463 463 + if (response.status === 401) { 464 464 + window.location.href = '/auth/oauth/login'; 465 465 + return; 466 466 + } 467 467 + 468 468 + if (!response.ok) { 469 469 + const error = await response.text(); 470 470 + throw new Error(error); 471 471 + } 472 472 + 473 473 + const data = await response.json(); 474 474 + 475 475 + // Update the avatar image on the page 476 476 + const wrapper = document.querySelector('.repo-hero-icon-wrapper'); 477 477 + if (!wrapper) return; 478 478 + 479 479 + const existingImg = wrapper.querySelector('.repo-hero-icon'); 480 480 + const placeholder = wrapper.querySelector('.repo-hero-icon-placeholder'); 481 481 + 482 482 + if (existingImg) { 483 483 + existingImg.src = data.avatarURL; 484 484 + } else if (placeholder) { 485 485 + const newImg = document.createElement('img'); 486 486 + newImg.src = data.avatarURL; 487 487 + newImg.alt = repository; 488 488 + newImg.className = 'repo-hero-icon'; 489 489 + placeholder.replaceWith(newImg); 490 490 + } 491 491 + } catch (err) { 492 492 + console.error('Error uploading avatar:', err); 493 493 + alert('Failed to upload avatar: ' + err.message); 494 494 + } 495 495 + 496 496 + // Clear input so same file can be selected again 497 497 + input.value = ''; 498 498 + } 499 499 + 437 500 // Close modal when clicking outside 438 501 document.addEventListener('DOMContentLoaded', () => { 439 502 const modal = document.getElementById('manifest-delete-modal');

+9 -14

pkg/appview/storage/manifest_store.go

reviewed

··· 429 429 // This syncs repository metadata from manifest annotations to the io.atcr.repo.page collection 430 430 // Only creates a new record if one doesn't exist (doesn't overwrite user's custom content) 431 431 func (s *ManifestStore) ensureRepoPage(ctx context.Context, manifestRecord *atproto.ManifestRecord) { 432 432 - // Skip if no annotations 433 433 - if manifestRecord.Annotations == nil { 434 434 - return 435 435 - } 436 436 - 437 432 // Check if repo page already exists (don't overwrite user's custom content) 438 433 rkey := s.ctx.Repository 439 434 _, err := s.ctx.ATProtoClient.GetRecord(ctx, atproto.RepoPageCollection, rkey) ··· 449 444 return 450 445 } 451 446 447 447 + // Get annotations (may be nil if image has no OCI labels) 448 448 + annotations := manifestRecord.Annotations 449 449 + if annotations == nil { 450 450 + annotations = make(map[string]string) 451 451 + } 452 452 + 452 453 // Try to fetch README content from external sources 453 454 // Priority: io.atcr.readme annotation > derived from org.opencontainers.image.source > org.opencontainers.image.description 454 454 - description := s.fetchReadmeContent(ctx, manifestRecord.Annotations) 455 455 + description := s.fetchReadmeContent(ctx, annotations) 455 456 456 457 // If no README content could be fetched, fall back to description annotation 457 458 if description == "" { 458 458 - description = manifestRecord.Annotations["org.opencontainers.image.description"] 459 459 + description = annotations["org.opencontainers.image.description"] 459 460 } 460 461 461 462 // Try to fetch and upload icon from io.atcr.icon annotation 462 463 var avatarRef *atproto.ATProtoBlobRef 463 463 - if iconURL := manifestRecord.Annotations["io.atcr.icon"]; iconURL != "" { 464 464 + if iconURL := annotations["io.atcr.icon"]; iconURL != "" { 464 465 avatarRef = s.fetchAndUploadIcon(ctx, iconURL) 465 465 - } 466 466 - 467 467 - // If no description and no icon, nothing to create 468 468 - if description == "" && avatarRef == nil { 469 469 - slog.Debug("No README, description, or icon found for repo page", "did", s.ctx.DID, "repository", s.ctx.Repository) 470 470 - return 471 466 } 472 467 473 468 // Create new repo page record with description and optional avatar

+14 -5

pkg/appview/templates/pages/repository.html

reviewed

··· 27 27 <!-- Repository Header --> 28 28 <div class="repository-header"> 29 29 <div class="repo-hero"> 30 30 - {{ if .Repository.IconURL }} 31 31 - <img src="{{ .Repository.IconURL }}" alt="{{ .Repository.Name }}" class="repo-hero-icon"> 32 32 - {{ else }} 33 33 - <div class="repo-hero-icon-placeholder">{{ firstChar .Repository.Name }}</div> 34 34 - {{ end }} 30 30 + <div class="repo-hero-icon-wrapper"> 31 31 + {{ if .Repository.IconURL }} 32 32 + <img src="{{ .Repository.IconURL }}" alt="{{ .Repository.Name }}" class="repo-hero-icon"> 33 33 + {{ else }} 34 34 + <div class="repo-hero-icon-placeholder">{{ firstChar .Repository.Name }}</div> 35 35 + {{ end }} 36 36 + {{ if $.IsOwner }} 37 37 + <label class="avatar-upload-overlay" for="avatar-upload"> 38 38 + <i data-lucide="plus"></i> 39 39 + </label> 40 40 + <input type="file" id="avatar-upload" accept="image/png,image/jpeg,image/webp" 41 41 + onchange="uploadAvatar(this, '{{ .Repository.Name }}')" hidden> 42 42 + {{ end }} 43 43 + </div> 35 44 <div class="repo-hero-info"> 36 45 <h1> 37 46 <a href="/u/{{ .Owner.Handle }}" class="owner-link">{{ .Owner.Handle }}</a>

+4 -1

pkg/atproto/client.go

reviewed

··· 310 310 311 311 err := c.sessionProvider.DoWithSession(ctx, c.did, func(session *indigo_oauth.ClientSession) error { 312 312 apiClient := session.APIClient() 313 313 + // IMPORTANT: Use io.Reader for blob uploads 314 314 + // LexDo JSON-encodes []byte (base64), but streams io.Reader as raw bytes 315 315 + // Use the actual MIME type so PDS can validate against blob:image/* scope 313 316 return apiClient.LexDo(ctx, 314 317 "POST", 315 318 mimeType, 316 319 "com.atproto.repo.uploadBlob", 317 320 nil, 318 318 - data, 321 321 + bytes.NewReader(data), 319 322 &result, 320 323 ) 321 324 })

+4 -2

pkg/auth/oauth/client.go

reviewed

··· 77 77 func GetDefaultScopes(did string) []string { 78 78 scopes := []string{ 79 79 "atproto", 80 80 + // Used for service token validation on holds 81 81 + "rpc:com.atproto.repo.getRecord?aud=*", 80 82 // Image manifest types (single-arch) 81 83 "blob:application/vnd.oci.image.manifest.v1+json", 82 84 "blob:application/vnd.docker.distribution.manifest.v2+json", ··· 85 87 "blob:application/vnd.docker.distribution.manifest.list.v2+json", 86 88 // OCI artifact manifests (for cosign signatures, SBOMs, attestations) 87 89 "blob:application/vnd.cncf.oras.artifact.manifest.v1+json", 88 88 - // Used for service token validation on holds 89 89 - "rpc:com.atproto.repo.getRecord?aud=*", 90 90 + // image avatars 91 91 + "blob:image/*", 90 92 } 91 93 92 94 // Add repo scopes